August 24, 2022

LockBit data leak websites were shut down after the gang suffered a DSoS attack that ordered them to remove data stolen from security firm Entrust.

According to LockBitSupp, the public-facing representative of the LockBit ransomware operation, their Tor sites were attacked by someone believed to be associated with Entrust.

“Ddos attack began immediately after the publication of data and negotiations, of course it was them, who else needs it? In addition, in the logs there is an inscription demanding the removal of their data,” LockBitSupp said.

As a form of retaliation for the DDoS attack, LockBit’s data leak site now displays the gang’s plan to upload all the data of Entrust as a torrent. This makes it impossible to take down the data leak sites.

LockBitSupp further explained that another cybersecurity firm, Accenture, had carried out similar cyberattack but had not been very successful.

Alleged negotiations between Entrust and the attackers were shared with security expert Soufiane Tahiri, who revealed that the attackers initially demanded US$8 million in ransom before reducing it to US$6.8 million.

In July, Entrust confirmed a data leak, and last week LockBit claimed responsibility for the attack. On Friday, the gang began releasing leaked data, including 30 screenshots of data.

The sources for this piece include an article in BleepingComputer.